Lucene search

K
redhatRedHatRHSA-2018:2565
HistoryAug 27, 2018 - 7:54 a.m.

(RHSA-2018:2565) Important: rh-postgresql10-postgresql security update

2018-08-2707:54:02
access.redhat.com
18

0.007 Low

EPSS

Percentile

80.7%

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: rh-postgresql10-postgresql (10.5). (BZ#1612673, BZ#1614337)

Security Fix(es):

  • postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915)

  • postgresql: Missing authorization and memory disclosure in INSERT … ON CONFLICT DO UPDATE statements (CVE-2018-10925)

  • postgresql: Too-permissive access control list on function pg_logfile_rotate() (CVE-2018-1115)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Andrew Krasichkov as the original reporter of CVE-2018-10915; and Stephen Frost as the original reporter of CVE-2018-1115.